[Freeipa-users] limit access to a specific CN
Rob Crittenden
rcritten at redhat.com
Tue Feb 15 19:02:20 UTC 2011
Peter Doherty wrote:
> Hello, I'm running Fedora 14 and freeipa 1.2.2-6
>
>
> Can I create a new cn/nsContainer (cn=subgroup,dc=example,dc=com)
> and then create an account that can edit that cn as much as they want,
> but can't edit the other ones (ie: accounts, groups...)?
> Any pointers to documentation would be useful. Unfortunately I'm not
> 100% clear on my terminology, so google searches are leading me a bit
> astray.
What would you put into this container?
389-ds certainly supports doing this, depending on what exactly you want
to do IPA may or may not support it. For example, we look for a type of
entry only within a given container, so you can't put users into another
location.
rob
More information about the Freeipa-users
mailing list